Security/privacy trade-off

As discussed before, there is a clear trade-off between security and usability when it comes to the security of the future home. For instance, if you wanted to use a smart lock for your home, would you rather risk intruders entering your home, or risk being unduly locked out? Of course, we would rather avoid both situations, but it is very hard to build a perfect mechanism.

Quite often, a good way to address the security/usability trade-off is to base security decisions on very accurate information. For instance, if you were to use a password for your smart lock, it could be either very simple, and thus very usable but less secure, or very complex, and thus very secure but less usable. On the other hand, if you were to use a fingerprint reader instead, it can be both usable and secure.

However, as we have seen in Week 1, private information should be handled carefully. The more information an application has about a user, the more reliably it can assess whether the user is who he/she claims to be, and hence the more secure the user authentication in that application is. In these situations, as you can see, there is a trade-off between security and privacy.

What researchers aim to do is to push the boundary of the trade-off between security and privacy by designing user-friendly systems that provide a good level of security without compromising user privacy. An active area of research is the investigation of privacy-preserving mechanisms. Now let’s look at an example of such a mechanism.

Imagine the police want to check whether a fingerprint they collected at a crime scene matches any of the fingerprints stored in a bank’s database. The police will not want to simply share the fingerprint with the bank, because that reveals their investigation data, and the bank cannot share all the fingerprints in its database, because that breaches the privacy of its customers. We have a dilemma here. The solution is a privacy-preserving fingerprint matching protocol. This is a protocol that the bank and the police run jointly, each entering the fingerprint(s) they hold, to find out whether the fingerprints entered by the two sides match, without revealing any other information about those fingerprints to each other. The other side only finds out whether there is a match, and nothing else.
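To make the idea above concrete, here is an added example (not part of the course, and not the protocol used by any real bank or police force) of one well-known way to build such a matching protocol: Diffie-Hellman blinding. Each side blinds its value with a secret exponent; because the two blindings commute, the police can recognise a match among the bank’s blinded records without ever seeing the bank’s records, and the bank never sees the police’s fingerprint. The example goes slightly beyond the text in that it compares the police fingerprint against a whole database rather than a single record. Everything in it is an assumption chosen for the demonstration: the fingerprint “template” is a byte string compared exactly (real biometric matching is fuzzy), the group is a freshly generated safe prime of demo size (real deployments use a standardised 2048-bit or larger group, or an elliptic curve), and the function and class names are made up here.

```python
"""Privacy-preserving membership test using commutative Diffie-Hellman
blinding: (H(x)^a)^b == (H(x)^b)^a mod p.  Added illustration, not code
from the course.  A 'template' here is just bytes compared for exact
equality; real biometric templates are matched fuzzily."""
import hashlib
import secrets

SMALL_PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47]


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin primality test (composite passes with prob <= 4**-rounds)."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    for sp in SMALL_PRIMES:          # cheap trial division first
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_safe_prime(bits: int = 256) -> int:
    """Return p = 2q + 1 with p and q prime.  The quadratic residues mod p
    then form a subgroup of prime order q, which avoids small-subgroup leaks.
    Demo size only: a real system uses >= 2048-bit groups or elliptic curves."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1


def hash_to_group(template: bytes, p: int) -> int:
    """Map a template into the order-q subgroup: hash, reduce mod p, square.
    The counter re-hashes away the (negligible) degenerate values 0, 1, p-1."""
    ctr = 0
    while True:
        digest = hashlib.sha256(ctr.to_bytes(4, "big") + template).digest()
        h = int.from_bytes(digest, "big") % p
        if h not in (0, 1, p - 1):
            return pow(h, 2, p)
        ctr += 1


class Party:
    """One side of the protocol; holds a secret exponent it never reveals."""

    def __init__(self, p: int):
        self.p = p
        self.q = (p - 1) // 2
        self.k = 1 + secrets.randbelow(self.q - 1)   # uniform in [1, q-1]

    def blind(self, value: int) -> int:
        return pow(value, self.k, self.p)


def private_membership_test(police_template: bytes, bank_templates: list, p: int) -> bool:
    """Run the two-party exchange; only the police learns the yes/no result."""
    police, bank = Party(p), Party(p)
    # Message 1 (police -> bank): the crime-scene print blinded with secret a.
    # The bank cannot recover the print from this value.
    msg1 = police.blind(hash_to_group(police_template, p))
    # Message 2 (bank -> police): msg1 blinded again with secret b, plus every
    # database record blinded with b only.  Shuffling hides which record (if
    # any) matches, so a hit reveals no customer identity to the police.
    double_blinded_police = bank.blind(msg1)
    bank_blinded = [bank.blind(hash_to_group(t, p)) for t in bank_templates]
    secrets.SystemRandom().shuffle(bank_blinded)
    # Police finishes: applying a to each bank value gives H(y)^(ab), which
    # equals H(x)^(ab) exactly when the underlying templates are equal.
    return any(police.blind(v) == double_blinded_police for v in bank_blinded)


if __name__ == "__main__":
    P = generate_safe_prime()
    db = [b"template:alice", b"template:bob", b"template:carol"]   # constructed data
    print(private_membership_test(b"template:bob", db, P))      # True
    print(private_membership_test(b"template:mallory", db, P))  # False
```

What each side learns: the bank sees only values blinded with the police’s secret, so it learns nothing about the crime-scene print; the police sees only values blinded with the bank’s secret, so it cannot recover or brute-force the bank’s records, and with shuffling it learns only whether some record matched. The police can then tell the bank the outcome, which is exactly the “match or not, and nothing else” property described above. Two practical caveats remain: the party that answers queries should rate-limit them, since each run reveals one bit, and the exact-equality comparison here would need to be replaced by a fuzzy matching step for real biometric templates.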

Security scientists are working towards secure and privacy-preserving solutions like the privacy-preserving fingerprint matching protocol discussed above. It is easy to design systems with more security but less privacy, or with more privacy but less security; the challenge is to guarantee a reasonable level of both.